| It makes progress to the IDS research inside and outside country, but there are several difficult problems:(1) There is contradiction between loss detecting rate and the performance of network in the network based IDS;(2) They cannot cooperate with each another, so they cannot provide safeguard in the fast developing network;(3) It isn't perfects in the response policy of the network attacks. There are these problems in most IDS at present; it will come into being big influence to settle these problems in the future network security.It concentrates on the technology of attack detection in the research of IDS, but it cannot settle all problems in IDS, it must combine with other technology to settle these problems. In this paper, we will combine the trust model with the attack detection technology to settle several problems.In this paper, the user trust model is firstly presented on the basis of PKI trust model and the trust research of at peer-to-peer networks. This model researches fitly the trust relation between user and IDS, and the computing means of the user trust degree is presented on the basis of the user trust model and the principle of IDS.In this paper, a misuse detection model for IDS based on user trust degree (UTD) is firstly presented. This model improves the architecture of IDS, the strategy of signature matching, and the cooperation and response mechanism. UTD-IDS presents a means of graded partition and the intrusion response mechanism that based on UTD whereas there is a lack of graded partition in the architecture of CIDF, so it improves the rationality of the system. The safety level of misuse IDS is defined and the IDS of lower safety level may prevent unknown intrusion from damage by the early-alert principle. In addition, UTD-IDS takes full advantage of local principle, then reforms the strategy of signature matching, so it improves the efficiency and accuracy of signature matching. |
PDF Full Text Request